Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Largon

Pages1

General Support / Syslog parser

December 10, 2020, 01:05:56 PM

Dear NetXMS Community

we use syslog parser to generate network device error events immediately on expression match.

However, some syslog errors comes every second and only the first error message have to generate the event immediately and all further errors that comes to the same device for the next three hours have to be ignored.
The problem is that we don´t want to wait 3 hours or 20 of the syslog errors, it must generated with the first match and after this syslog parser have to ignore the following errors for the next 3 hours.

How we have to use the match attributes "repeat Count", "repeatInterval" and "reset" to solve this? Any ideas?

thanks in advance

General Support / Re: Additional interface details from node for syslog parser events

December 09, 2019, 11:47:42 AM

Thank you for the quick reply. I understand that it´s possible to find a solution for our use case via "Script library" (get the infos via foreach iteration and add information direct to the event).

Unfortunately, we have no experience with application script programming. I have tried the following solution via "Script library" with no success (in the event i would use %<additionalInfo> as parameter):

^{// only for Cisco_IF_Disabled events
if (($event->name != "Cisco_IF_Disabled"))
   return true;

// get interface index from description
ifindex = GetInterfaceObject($node, $3);
if (ifindex == null)
   return true;

// get alias (description for cisco port)
alias = ifindex->alias;
if (alias == null)
   return true;

// get peer node (node connected to this interface) object
peer = ifindex->peerNode;
if (peer == null)
   return true;

// set event's named parameter
SetEventParameter($event, "additionalInfo", "Port Description: " alias);
return true;}

I think we should involve commercial support for a working solution.

General Support / Additional interface details from node for syslog parser events

December 04, 2019, 12:47:50 PM

Hello NetXMS Community,

we are using syslog parser for Cisco port security violation.

In the cisco syslog message is only mac adress and interface information for syslog parser (int info is equal to interface description in netxms).

Example:
10:45:06: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "aaaa.bbbb.cccc" on port GigabitEthernet0/21.

Is there any way to get the interface description (interface alias in netxms) in addition to the mac address and the port?

I have no idea to wich place i should use scripting to match "interface description" with "interface alias" for the event.

Do you have any ideas?

best regards

General Support / Re: Sys_IF_Disabled Event AND Expected interface state = Ignore

October 30, 2019, 03:45:50 PM

Hello,

yes i´m talking about Sys_IF_Down.

Now we are testing snmp trap configuration for the interface disable events and it seems the best way.

General Support / Sys_IF_Disabled Event AND Expected interface state = Ignore

October 24, 2019, 04:45:17 PM

Hello,

we are testing NetXMS since one week and have a lot of nodes connected to 1300 different switches.
To not get too many notifications for Sys_Node_Down, we set the Expected interface state = "Ignore" with the exception of the Up-/Downlinks.

Now we want to get notified if an interface is disabled by port security or other reasons.

Unfortunately, the Sys_IF_Disabled event works only when Expected interface state is "Up" or "Down".

Is there any other solution to create the Sys_IF_Disabled event or do we have to configure DCIs with Instance discovery?

best regards
Largon